diff --git a/2018/12xxx/CVE-2018-12482.json b/2018/12xxx/CVE-2018-12482.json
index fe244fc718d..f6154b831fa 100644
--- a/2018/12xxx/CVE-2018-12482.json
+++ b/2018/12xxx/CVE-2018-12482.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-12482",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "OCS Inventory 2.4.1 contains multiple SQL injections in the search engine. Authentication is needed in order to exploit the issues."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://www.tarlogic.com/en/blog/vulnerabilities-in-ocs-inventory-2-4-1/",
+ "refsource" : "MISC",
+ "url" : "https://www.tarlogic.com/en/blog/vulnerabilities-in-ocs-inventory-2-4-1/"
 }
 ]
 }
diff --git a/2018/12xxx/CVE-2018-12483.json b/2018/12xxx/CVE-2018-12483.json
index d587b5b69fc..676a886d027 100644
--- a/2018/12xxx/CVE-2018-12483.json
+++ b/2018/12xxx/CVE-2018-12483.json
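Review bot: The `affects` block added in the first hunk of CVE-2018-12482.json sets `vendor_name`, `product_name` and `version_value` to `n/a`, although the description added in the second hunk names OCS Inventory 2.4.1. Consumers that match records on the structured fields rather than on free text will not associate this entry with the product. The same placeholders appear in the `affects` hunks for CVE-2018-12483, CVE-2018-14417, CVE-2018-14473, CVE-2018-14497, CVE-2018-14541 and CVE-2018-14593, whose descriptions also name a product. Suggest filling them from the description, for this record `"product_name" : "OCS Inventory",` and `"version_value" : "2.4.1"`.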
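Review bot: The `problemtype` entry added in the second hunk of CVE-2018-12482.json is `"value" : "n/a"` even though the description a few lines above it classifies the flaw as SQL injection. Recording the class there, for example `"value" : "CWE-89"`, lets scanners and dashboards group the record without parsing the description. The second hunks for CVE-2018-12483, CVE-2018-14417, CVE-2018-14473, CVE-2018-14497 and CVE-2018-14541 carry the same placeholder although their descriptions name command execution, command injection, XML external entities and XSS.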
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-12483",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "OCS Inventory 2.4.1 is prone to a remote command-execution vulnerability. Specifically, this issue occurs because the content of the ipdiscover_analyser rzo GET parameter is concatenated to a string used in an exec() call in the PHP code. Authentication is needed in order to exploit this vulnerability."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://www.tarlogic.com/en/blog/vulnerabilities-in-ocs-inventory-2-4-1/",
+ "refsource" : "MISC",
+ "url" : "https://www.tarlogic.com/en/blog/vulnerabilities-in-ocs-inventory-2-4-1/"
 }
 ]
 }
diff --git a/2018/14xxx/CVE-2018-14417.json b/2018/14xxx/CVE-2018-14417.json
index 9573c6e6462..f8bcedc59bb 100644
--- a/2018/14xxx/CVE-2018-14417.json
+++ b/2018/14xxx/CVE-2018-14417.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-14417",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,38 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "A command injection vulnerability was found in the web administration console in SoftNAS Cloud before 4.0.3. In particular, the snserv script did not sanitize the 'recentVersion' parameter from the snserv endpoint, allowing an unauthenticated attacker to execute arbitrary commands with root permissions."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "20180726 [CORE-2018-0009] - SoftNAS Cloud OS Command Injection",
+ "refsource" : "FULLDISC",
+ "url" : "http://seclists.org/fulldisclosure/2018/Jul/85"
+ },
+ {
+ "name" : "https://www.coresecurity.com/advisories/softnas-cloud-os-command-injection",
+ "refsource" : "MISC",
+ "url" : "https://www.coresecurity.com/advisories/softnas-cloud-os-command-injection"
+ },
+ {
+ "name" : "https://docs.softnas.com/display/SD/Release+Notes",
+ "refsource" : "CONFIRM",
+ "url" : "https://docs.softnas.com/display/SD/Release+Notes"
 }
 ]
 }
diff --git a/2018/14xxx/CVE-2018-14473.json b/2018/14xxx/CVE-2018-14473.json
index f83d7c049f2..253a9cbdb97 100644
--- a/2018/14xxx/CVE-2018-14473.json
+++ b/2018/14xxx/CVE-2018-14473.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-14473",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities. This issue can be exploited by an attacker sending a crafted HTTP request in order to exfiltrate information or cause a Denial of Service."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://www.tarlogic.com/en/blog/vulnerabilities-in-ocs-inventory-2-4-1/",
+ "refsource" : "MISC",
+ "url" : "https://www.tarlogic.com/en/blog/vulnerabilities-in-ocs-inventory-2-4-1/"
 }
 ]
 }
diff --git a/2018/14xxx/CVE-2018-14497.json b/2018/14xxx/CVE-2018-14497.json
index a87257da53b..7a127839200 100644
--- a/2018/14xxx/CVE-2018-14497.json
+++ b/2018/14xxx/CVE-2018-14497.json
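Review bot: The description added in the second hunk of CVE-2018-14473.json does not say whether the crafted HTTP request needs an authenticated session. The CVE-2018-12482 and CVE-2018-12483 descriptions in this same commit cite the same advisory URL and each end with an explicit authentication statement, so a reader triaging the three together cannot tell whether the omission here means the issue is reachable without credentials. Suggest closing the `value` string with one sentence that states the precondition as the referenced advisory gives it.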
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-14497",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "Tenda D152 ADSL routers allow XSS via a crafted SSID."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://sandipdeyhack7.blogspot.com/2018/07/cve-2018-14497-tenda-d152-adsl-routers_24.html",
+ "refsource" : "MISC",
+ "url" : "https://sandipdeyhack7.blogspot.com/2018/07/cve-2018-14497-tenda-d152-adsl-routers_24.html"
 }
 ]
 }
diff --git a/2018/14xxx/CVE-2018-14541.json b/2018/14xxx/CVE-2018-14541.json
index 383e35c964e..a4422174247 100644
--- a/2018/14xxx/CVE-2018-14541.json
+++ b/2018/14xxx/CVE-2018-14541.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-14541",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
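Review bot: The description added in the second hunk of CVE-2018-14497.json, `Tenda D152 ADSL routers allow XSS via a crafted SSID.`, gives no firmware version, and the `affects` hunk before it carries only `n/a`. Without a version bound, an asset owner cannot decide whether a given device is in scope or whether a firmware update resolves the issue. Suggest adding the firmware version tested in the referenced write-up to the `value` string and to `version_value`.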
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "PHP Scripts Mall Basic B2B Script 2.0.0 has Reflected and Stored XSS via the First name, Last name, Address 1, City, State, and Company name fields."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://gkaim.com/cve-2018-14541-vikas-chaudhary/",
+ "refsource" : "MISC",
+ "url" : "https://gkaim.com/cve-2018-14541-vikas-chaudhary/"
 }
 ]
 }
diff --git a/2018/14xxx/CVE-2018-14593.json b/2018/14xxx/CVE-2018-14593.json
index 5c733cb6cd2..419e95fdad0 100644
--- a/2018/14xxx/CVE-2018-14593.json
+++ b/2018/14xxx/CVE-2018-14593.json
@@ -2,7 +2,30 @@
 "CVE_data_meta" : {
 "ASSIGNER" : "cve@mitre.org",
 "ID" : "CVE-2018-14593",
- "STATE" : "RESERVED"
+ "STATE" : "PUBLIC"
+ },
+ "affects" : {
+ "vendor" : {
+ "vendor_data" : [
+ {
+ "product" : {
+ "product_data" : [
+ {
+ "product_name" : "n/a",
+ "version" : {
+ "version_data" : [
+ {
+ "version_value" : "n/a"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "vendor_name" : "n/a"
+ }
+ ]
+ }
 },
 "data_format" : "MITRE",
 "data_type" : "CVE",
@@ -11,7 +34,28 @@
 "description_data" : [
 {
 "lang" : "eng",
- "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ "value" : "An issue was discovered in Open Ticket Request System (OTRS) 6.0.x through 6.0.9, 5.0.x through 5.0.28, and 4.0.x through 4.0.30. An attacker who is logged into OTRS as an agent may escalate their privileges by accessing a specially crafted URL."
+ }
+ ]
+ },
+ "problemtype" : {
+ "problemtype_data" : [
+ {
+ "description" : [
+ {
+ "lang" : "eng",
+ "value" : "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "references" : {
+ "reference_data" : [
+ {
+ "name" : "https://community.otrs.com/security-advisory-2018-03-security-update-for-otrs-framework/?lang=de",
+ "refsource" : "CONFIRM",
+ "url" : "https://community.otrs.com/security-advisory-2018-03-security-update-for-otrs-framework/?lang=de"
 }
 ]
 }
diff --git a/2018/14xxx/CVE-2018-14895.json b/2018/14xxx/CVE-2018-14895.json
new file mode 100644
index 00000000000..a6e2ea2fd48
--- /dev/null
+++ b/2018/14xxx/CVE-2018-14895.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-14895",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
diff --git a/2018/14xxx/CVE-2018-14896.json b/2018/14xxx/CVE-2018-14896.json
new file mode 100644
index 00000000000..ba501be5207
--- /dev/null
+++ b/2018/14xxx/CVE-2018-14896.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-14896",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
diff --git a/2018/14xxx/CVE-2018-14897.json b/2018/14xxx/CVE-2018-14897.json
new file mode 100644
index 00000000000..58995ce2931
--- /dev/null
+++ b/2018/14xxx/CVE-2018-14897.json
@@ -0,0 +1,18 @@
+{
+ "CVE_data_meta" : {
+ "ASSIGNER" : "cve@mitre.org",
+ "ID" : "CVE-2018-14897",
+ "STATE" : "RESERVED"
+ },
+ "data_format" : "MITRE",
+ "data_type" : "CVE",
+ "data_version" : "4.0",
+ "description" : {
+ "description_data" : [
+ {
+ "lang" : "eng",
+ "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+ }
+ ]
+ }
+}
diff --git a/2018/2xxx/CVE-2018-2879.json b/2018/2xxx/CVE-2018-2879.json
index 23166075d83..7bf53976631 100644
--- a/2018/2xxx/CVE-2018-2879.json
+++ b/2018/2xxx/CVE-2018-2879.json
@@ -57,6 +57,16 @@
 },
 "references" : {
 "reference_data" : [
+ {
+ "name" : "https://github.com/MostafaSoliman/Oracle-OAM-Padding-Oracle-CVE-2018-2879-Exploit",
+ "refsource" : "MISC",
+ "url" : "https://github.com/MostafaSoliman/Oracle-OAM-Padding-Oracle-CVE-2018-2879-Exploit"
+ },
+ {
+ "name" : "https://www.sec-consult.com/en/blog/2018/05/oracle-access-managers-identity-crisis/",
+ "refsource" : "MISC",
+ "url" : "https://www.sec-consult.com/en/blog/2018/05/oracle-access-managers-identity-crisis/"
+ },
 {
 "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
 "refsource" : "CONFIRM",
diff --git a/2018/8xxx/CVE-2018-8781.json b/2018/8xxx/CVE-2018-8781.json
index e20077443f0..61a8ecf7f6e 100644
--- a/2018/8xxx/CVE-2018-8781.json
+++ b/2018/8xxx/CVE-2018-8781.json
@@ -63,6 +63,11 @@
 "refsource" : "MISC",
 "url" : "https://patchwork.freedesktop.org/patch/211845/"
 },
+ {
+ "name" : "https://research.checkpoint.com/mmap-vulnerabilities-linux-kernel/",
+ "refsource" : "MISC",
+ "url" : "https://research.checkpoint.com/mmap-vulnerabilities-linux-kernel/"
+ },
 {
 "name" : "DSA-4187",
 "refsource" : "DEBIAN",